org.clazzes.util.http.sec
Class HttpCheckLoginHelper

java.lang.Object
  extended by org.clazzes.util.http.sec.HttpCheckLoginHelper

public abstract class HttpCheckLoginHelper
extends Object

A static helper for servlets that perform access checks on behalf of an HttpLoginService.


Field Summary
static String LOGIN_URL_HEADER
           
 
Constructor Summary
HttpCheckLoginHelper()
           
 
Method Summary
static Principal checkLogin(HttpLoginService service, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          Call HttpLoginService.checkLogin(HttpServletRequest) and write an HTTP unauthorized status (401) with the login URL contained in the response header "X-HTTP-util-login-url", if no user is logged in.
static boolean checkPermission(HttpLoginService service, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
          Call HttpLoginService.checkPermission(HttpServletRequest, String) on a context URL composed from the request URL without server and protocol.
static void sendLoginRequired(javax.servlet.http.HttpServletResponse resp, String loginUrl)
          Write an HTTP unauthorized status (401) with the login URL contained in the response header "X-HTTP-util-login-url" as response to the client.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LOGIN_URL_HEADER

public static final String LOGIN_URL_HEADER
See Also:
Constant Field Values
Constructor Detail

HttpCheckLoginHelper

public HttpCheckLoginHelper()
Method Detail

checkLogin

public static final Principal checkLogin(HttpLoginService service,
                                         javax.servlet.http.HttpServletRequest req,
                                         javax.servlet.http.HttpServletResponse resp)
                                  throws IOException
Call HttpLoginService.checkLogin(HttpServletRequest) and write an HTTP unauthorized status (401) with the login URL contained in the response header "X-HTTP-util-login-url", if no user is logged in.

Parameters:
service - The login service.
req - The servlet request.
resp - The servlet response.
Returns:
The logged-in user. If null is returned, a servlet response with status 401 has been written by this method and the servlet has to return immediately.
Throws:
IOException - Upon errors writing a response.
See Also:
sendLoginRequired(HttpServletResponse, String)

sendLoginRequired

public static final void sendLoginRequired(javax.servlet.http.HttpServletResponse resp,
                                           String loginUrl)
                                    throws IOException
Write an HTTP unauthorized status (401) with the login URL contained in the response header "X-HTTP-util-login-url" as response to the client.

Parameters:
resp - The servlet response.
loginUrl - A login URL as returned by HttpLoginService.getLoginUrl().
Throws:
IOException - Upon errors writing to the servlet response.

checkPermission

public static final boolean checkPermission(HttpLoginService service,
                                            javax.servlet.http.HttpServletRequest req,
                                            javax.servlet.http.HttpServletResponse resp)
                                     throws IOException
Call HttpLoginService.checkPermission(HttpServletRequest, String) on a context URL composed from the request URL without server and protocol. If permission is denied, an HTTP forbidden response (403) is written to the servlet response.

Parameters:
service - The login service.
req - The servlet request.
resp - The servlet response.
Returns:
Whether permission is granted. If false is returned, a servlet response has been written and the servlet has to return immediately.
Throws:
IOException - Upon errors writing a response.
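
Example (added here, not code from the clazzes project): a servlet that runs checkLogin and checkPermission in order and honors the "return immediately" contract of both methods, so that no protected code runs after a 401 or 403 has been written. It assumes that HttpLoginService lives in the same package as this helper and that Principal is java.security.Principal; the class ReportServlet, the setter setLoginService and the response body are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.clazzes.util.http.sec.HttpCheckLoginHelper;
// Assumption: HttpLoginService is in the same package as the helper.
import org.clazzes.util.http.sec.HttpLoginService;

// Hypothetical servlet; only the two HttpCheckLoginHelper calls come from this page.
public class ReportServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    private HttpLoginService loginService;

    // Hypothetical wiring point, e.g. called by a dependency injection container.
    public void setLoginService(HttpLoginService loginService) {
        this.loginService = loginService;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {

        // Authentication: null means the helper has already written the 401
        // response together with the login URL header.
        Principal user = HttpCheckLoginHelper.checkLogin(this.loginService, req, resp);
        if (user == null) {
            return; // do not write to resp again and do not run protected code
        }

        // Authorization: false means the helper has already written the 403.
        if (!HttpCheckLoginHelper.checkPermission(this.loginService, req, resp)) {
            return;
        }

        // Only reached for an authenticated and authorized caller.
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Report for " + user.getName());
    }
}
```

Omitting either return lets the handler continue after the error status has been written, which can append protected content to a 401 or 403 response.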


Copyright © 2012. All Rights Reserved.